flex-users mailing list archives

From "pkumar.flex" <prashaku...@gmail.com>
Subject Re: Securing BlazeDS endpoint
Date Mon, 28 Sep 2015 05:32:11 GMT
You can check for the "crossdomain" file or the FlexContext class under BlazeDS.
These can help you to authenticate the user.

On Mon, Sep 28, 2015 at 5:49 AM, Justin Magnan [via Apache Flex Users] <
ml-node+s2333346n11238h63@n4.nabble.com> wrote:

> I am looking for ways to provide authentication and authorization for a
> BlazeDS endpoint running on Tomcat 8.0.26, BlazeDS 4.7.1, JAVA 1.8
>
> Everything is already configured to use a SecureAMFChannel with SSL. I am
> not using Spring Security.
>
> I have a database storing the salted hash of my users' passwords.
>
> To clarify when I say authentication and authorization I mean the
> following:
>
> authentication: I know who you are.
> authorization: I know who you are and what you are able to access.
>
> In my case, if you are authenticated, you can access the system, it's
> fairly simple.
>
> Today I handle everything myself. User logs in from the main Flex page, I
> check the credentials and if they match I return success to the client and
> load the main application.
>
> Once logged into the application, every time a call is made to the server
> I check the database to see if the supplied hash matches and proceed.
>
> I know mx.messaging.ChannelSet has login and logout methods that tie to
> the login commands defined in services-config.xml. I have struggled to make
> sense of that approach, most of the examples online are either dead links
> or pretty dated at this point. Does anyone use this approach in production?
>
> Another approach I have been thinking of taking is moving the login page
> to HTML, and then using a custom filter to do authentication in front of the
> MessageBrokerServlet defined in web.xml. So if someone tries to access the
> BlazeDS endpoint and they are not authenticated, access will be denied.
>
> Does anyone know of a more secure way to do it or have a link to a good
> example?
>
> Thanks,
> Justin



-- 
Regards,
Prashant Kumar | Mob.: +91 8408811225



